You are here

ICAEW highlights Cyber Risk in Corporate Finance

David Willetts, Minister for Universities & Science, has launched a new guide from the ICAEW giving practical advice to the corporate finance sector, with Government and industry backing.

The guide urges companies to make cyber-security a higher priority during transactions.

Corporate finance – including M&A, buyouts, venture capital and IPOs – is a major area of economic activity and driver of entrepreneurship, innovation and business expansion.

The new guidance from the ICAEW highlights how Cyber Risk can be rooted in the network of managers and advisers involved in Corporate Finance and stresses the the importance of a transparent process with shared responsibility to secure sensitive information.

UK-related M&A deals were worth a total of £216.8bn1 in 2013, but more companies undertaking such deals need to make cyber security a priority. In one recent case following an M&A deal, a FTSE 350 company suffered a sustained compromise of sensitive data, owing to the acquired company’s poor network security practice.

The guide comes from the Taskforce of a dozen major UK professional organisations, associations and professional services firms set up last year to help companies to deal with the growing cyber security threat from organised crime networks, nation states, ‘hacktivists’ and employees or contractors. The new guide, Cyber Security in Corporate Finance, outlines practical steps all businesses can take to manage the cyber security threat throughout the corporate finance process.

Minister for Universities and Science Rt Hon David Willetts MP, who launched the report at Chartered Accountants’ Hall in London, said: “We want to make the UK one of the most secure places in the world to do business online. This guidance will help companies that deal with very sensitive data to be more aware of the risks. It will help them to protect themselves and their customers from online criminals. It will allow the corporate finance sector to make the most of the opportunities that cyberspace can offer, helping the UK get ahead in the global race."

Michael Izza, ICAEW’s Chief Executive, said: “It’s very important to guard against over-confidence within circles of trust and to question whether all information should be shared with all parties during a corporate finance transaction. A weak link in the security of any of the parties can easily be exploited. This guide will help companies to transact securely and provide additional assurance to their shareholders and stakeholders.”

Cyber-crime is estimated to cost UK businesses billion pounds per year. Supported in its work by the Government through its National Cyber Security Programme, the ICAEW convened the Taskforce, which includes representatives of ICAEW’s Corporate Finance Faculty, Association of Corporate Treasurers, Association for Financial Markets in Europe, the British Private Equity & Venture Capital Association, Law Society, London Stock Exchange, the Takeover Panel, Deloitte, EY, KPMG and PwC. The CBI is also supporting the initiative.

Cyber Security, the process of protecting commercially sensitive information, data and intellectual property is a vital issue for all companies, advisers, investors, regulators and other stakeholders.

This initiative seeks to assist in combating the growing threat to the reputation and profitability of companies from those who might seek to attain corporate financial information, Understanding, anticipating and managing these risks is crucial for all company directors and advisers; it is not an issue to be dealt with only by IT and technical specialists.

Corporate finance, as defined by the Taskforce, covers a very wide range of activities, from a small business replacing an existing debt facility, to a large organisation preparing to list on the London Stock Exchange. These tasks vary greatly in complexity, but typically require the sharing of commercially sensitive or otherwise confidential information. This initiative is of relevance to the vast majority of organisations, be they commercial enterprises, government – both national and local, and not-for-profit organisations.

Commenting on the initiative from the ICAEW, Russell Price Chairman of the Continuity Forum and founding CRIF member, said "The guidance strikes the right balance, helping those less technical understand just how important they are to protecting highly sensitive information, but also stresses the executive responsibility to secure information properly. I hope that more firms will heed the advice and look to review and update their control processes."